AI is scaling ransomware, not reinventing it: 80% of groups now promote AI or automation features, Acronis finds

Acronis: 80% of ransomware groups now pitch AI to scale phishing and automation

Attackers are using AI to do more of what already works. The Acronis Cyberthreats Report H2 2025 shows a clear pivot: less novelty, more scale. For operations teams, that means higher volume, faster tempo, and thinner margins for error across email, collaboration, and provider-layer tools.

Bottom line: familiar tactics delivered at machine speed demand tighter patching, stronger phishing defenses, and always-on monitoring.

Key numbers operations leaders should track

• RaaS shift: 80% of ransomware-as-a-service programs promote AI or automation for affiliates.
• Email exposure: Attacks rose 16% per organization and 20% per user; phishing made up 83% of email threats.
• Collaboration tools: Advanced attacks jumped from 12% in 2024 to 31% in 2025.
• Initial access: Phishing 52%; unpatched vulnerabilities 27% among MSP/telco incidents.
• Victim geography: U.S. 65%, Canada 7%, Germany 6%, U.K. 5%; France, Italy, Spain, Brazil, India 3% each; Australia 2%.
• Top targeted sectors: Manufacturing 21%, Technology 20%, Health care 12%, Business services 10%, Financial services 9%, Consumer services 8%, Transportation/Logistics 7%, Construction 7%, Education 6%.

Ransomware groups and the concentration of impact

• Share of publicly disclosed victims: Qilin 23%, Akira 18%, Clop 12%.
• Next tier: Play 9%, INC Ransom 9%, Babuk2 8%, RansomHub 6%, DragonForce 6%, Lynx 5%, SafePay 4%.
• Takeaway: A few mature programs draw affiliates with proven tooling, infrastructure, and cashout flows. Clop stands out for repeatedly exploiting high-impact enterprise vulnerabilities.

Why this matters for operations

AI is multiplying attacker capacity across well-known entry points: email, collaboration suites, internet-facing apps, and provider platforms. For MSPs and MSSPs, one mistake can ripple across many customers in hours.

The ecosystem is fragmented but productive, with frequent rebrands and new "brands" spinning up on repeatable intrusion paths. Expect ongoing extortion-first playbooks where data theft and pressure tactics matter as much as encryption.

What's driving the risk

• Patch latency on public-facing apps, remote access, and management platforms.
• Phishing at scale, plus OAuth abuse and social engineering inside collaboration tools.
• Provider-layer aggregation: compromise one MSP or telco, reach dozens to hundreds downstream.
• Mature RaaS: handoff-ready tooling, shared infrastructure, and guidance that lowers the bar for affiliates.
• Campaign timing: heavy early-year bursts, then tapering as defenses adapt and attacker infrastructure gets burned.

Supply chain and provider-layer observations

At least 1,200 publicly identified victims were hit via third parties between January and November 2025, peaking at 260 in February. Cl0p favors selective, high-leverage campaigns via shared services and trusted platforms, while Qilin and Akira run faster, broader operations across multiple environments.

Service provider incidents show phishing as a common enabler, but unpatched software dominates initial access when attackers target MSP and supply chain paths. Direct RDP hits are far less common than they used to be.

AI risk in your tooling

AI will be a standard attacker tool in 2026. Indirect prompt injection, workflow manipulation, and data leakage through connectors target behavior, not just code defects-so filters alone won't save you.

The real danger for MSPs: AI-driven automation with broad trust. Ticketing bots, scripted remediation, and config assistants can be steered by untrusted inputs or weak integrations, pushing unsafe changes at scale unless approvals and audit are enforced.

Operations playbook: Concrete steps to reduce risk now

• Patch and exposure management
  • Set 72-hour SLAs for internet-facing criticals; 7-14 days for internal high/critical findings.
  • Prioritize VPNs, SSO/IdP, RMM/EDR agents, virtualization platforms, and management consoles.
  • Continuously inventory external services; block or gate unused ports and protocols.
• Email and collaboration hardening
  • Enforce SPF/DKIM/DMARC (quarantine/reject), inbound authentication checks, and external sender tagging.
  • Sandbox attachments, limit risky file types, and tighten link protections and OAuth app consent.
  • Limit tenant-wide sharing, restrict third-party integrations, and log admin actions.
• Identity and access
  • Enforce phishing-resistant MFA for admins; use just-in-time elevation and session recording.
  • Inventory nonhuman identities (service accounts, API keys, automation tokens); least privilege, scoped tokens, rotation, and vaulting.
  • Kill legacy auth, review standing admin rights, and monitor OAuth grants and SSO trust changes.
• AI and automation governance
  • Approval gates for high-impact actions; change windows; comprehensive audit logs.
  • Isolate automation credentials, apply allow/deny lists for data sources, and validate inputs from user-generated content.
  • Test for prompt injection on documentation, tickets, and chat channels exposed to users.
• Ransomware resilience
  • EDR with isolation, script control, and tamper protection on endpoints and servers.
  • Backups with immutability and offsite copies (3-2-1-1-0); run quarterly recovery drills with RTO/RPO targets.
  • Segment management planes; restrict lateral movement (e.g., RDP, SMB), and protect hypervisors and backup consoles.
• Provider-layer and supply chain controls
  • Tier vendors by blast radius; require patch SLAs, logging, and incident reporting in contracts.
  • Separate customer access paths; per-tenant keys and policies; least privilege for RMM/PSA tools.
  • Monitor third-party tokens, agents, and update channels; verify code signing and provenance.
• Detection and response
  • Hunt for abnormal automation actions, mass OAuth grants, and unusual admin sequences.
  • Alert on backup policy changes, hypervisor snapshots, and disabled security controls.
  • Define playbooks for phishing, initial footholds, and provider compromise; rehearse handoffs.

Metrics to prove progress

• Mean time to patch internet-facing criticals; percentage patched within SLA.
• Phishing reporting rate and time-to-containment; VIP-targeted phish caught pre-click.
• Percentage of admin actions executed with just-in-time elevation; number of standing admin accounts.
• Service account inventory coverage; key rotation age; tokens scoped to least privilege.
• Backup restore success rate and time to full restore for a production system.

What to watch in 2026

• AI as standard attacker force-multiplier across phishing, automation, and reconnaissance.
• Deeper hits on virtualization platforms and security/IT agents for outsized control.
• Extortion-first operations: more data theft and pressure, less reliance on encryption.
• Identity abuse shifts to nonhuman identities and provider SSO/PAM fabrics.
• Operational AI risks: prompt injection, workflow manipulation, and connector leakage.

Sector and group hotspots at a glance

• Industries: Manufacturing and Technology lead targeting, followed by Health care and Business services. Financial, Consumer services, Transportation/Logistics, Construction, and Education follow closely.
• Groups: Qilin, Akira, and Clop drive a large share of public victims. Clop prioritizes high-impact vulnerabilities and shared services for cascading effect.

Next step for operations teams

Pick one area you can harden this week-patch a public-facing system backlog, lock down OAuth consent, or enforce just-in-time admin. Then schedule a restore drill and a phishing tabletop. Small, consistent wins reduce blast radius when a campaign hits.

For deeper practice patterns across identity, patching, and multitenancy in AI-augmented environments, see AI for Operations.

Helpful references: CISA ransomware guidance and NIST SP 800-207 Zero Trust.